What would you like to be added:
Add support in Syft to parse bun.lock (Bun lockfile) and generate dependencies/SBOM from it.
Why is this needed:
Syft may miss packages or produce incomplete/inaccurate SBOMs for Bun-based projects. Supporting bun.lock would improve coverage and reliability of dependency detection in modern JS ecosystems.
Additional context:
- Target file: bun.lock (Bun lockfile)
- Expected behavior: detect direct + transitive dependencies resolved in the lockfile and include them in the generated SBOM
What would you like to be added:
Add support in Syft to parse bun.lock (Bun lockfile) and generate dependencies/SBOM from it.
Why is this needed:
Syft may miss packages or produce incomplete/inaccurate SBOMs for Bun-based projects. Supporting bun.lock would improve coverage and reliability of dependency detection in modern JS ecosystems.
Additional context: